CVE-2023-0652

HIGH

Cloudflare WARP < 2023.3.381.0 - Privilege Escalation via Hardlink Attack

Title source: llm

Description

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.

References (3)

Core 3

Core References

Product

https://developers.cloudflare.com/warp-client/get-started/windows/

Vendor Advisory

https://github.com/cloudflare/advisories/security/advisories/GHSA-xmhj-9p83-xvw9

Release Notes

https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release

Scores

CVSS v3 7.0

EPSS 0.0029

EPSS Percentile 20.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-59

Status published

Products (1)

cloudflare/warp < 2023.3.381.0

Published Apr 06, 2023

Tracked Since Feb 18, 2026